Understanding OAuth 2.0

OAuth (Open Authorization) is an open standard that allows an end user's account information to be used by third-party services without exposing the user's password. Initially, OAuth 2.0 was supported for Oracle Identity Cloud Service (IDCS) and Chatbot REST Services. Oracle subsequently added OAuth 2.0 support for Azure, Okta, and Ping.

Currently, the only authentication options for provider REST services are Basic Authentication and PeopleSoft Token. OAuth 2.0 is the industry-standard protocol for authorization. The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.

Item

Description

Representational State Transfer (REST)

REST is a style of software architecture for distributed hypermedia systems such as the World Wide Web.

OAuth 2.0

Authorization framework that enables applications to obtain limited access to user accounts on an HTTP service. PeopleTools will only use OAuth 2.0’s Access Token for this authorization framework. This Access Token is not used for authentication purposes.

Access Token

  • An Access Token is a credential that can be used by an application to access an API.

  • The purpose of this token is to inform the API that the bearer of the token has been authorized to access the API and perform a predetermined set of actions (which is specified by the scopes granted).

  • Access Tokens must never be used for authentication. An Access Token cannot tell us whether the user has authenticated.

  • The only user information the Access Token possesses is the user ID, located in the sub claim.

Grant Access Type

Applications can request an access token to access protected endpoints in different ways, depending on the grant type specified in the client application.

Oracle Identity Cloud Service (IDCS)

Oracle’s OAuth 2.0 Server.
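The Access Token rules above (bearer credential, scopes decide which actions are allowed, the sub claim identifies the user, the token is not proof of authentication) are easiest to see from the resource server's side. The following is an added example and not Oracle or PeopleTools code; it assumes an HS256-signed JWT access token with a space-separated "scope" claim and a shared signing secret, all constructed here so the check runs offline. A real provider REST service would instead verify the signature against the authorization server's published keys (IDCS, Azure, Okta, or Ping) and would never mint tokens itself.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret for this example only (an assumption; real
# deployments verify against the authorization server's keys).
DEMO_SECRET = b"example-signing-key-not-for-production"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_demo_token(sub, scopes, ttl=3600, secret=DEMO_SECRET, now=None):
    """Build an HS256 JWT access token so the example can run offline.
    In practice the OAuth 2.0 server (e.g. IDCS) issues the token."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": sub, "scope": " ".join(scopes), "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def authorize_request(authorization_header, required_scope, secret=DEMO_SECRET, now=None):
    """Resource-server check for one incoming request.

    Returns (allowed, reason, sub). The sub value only attributes the action
    to a user ID; it is not evidence that the user has authenticated, so the
    caller must not treat it as a login.
    """
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return False, "missing bearer token", None
    parts = authorization_header[len("Bearer "):].strip().split(".")
    if len(parts) != 3:
        return False, "malformed token", None
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "malformed token", None
    # Pin the algorithm: never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        return False, "unexpected alg", None
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature", None
    now = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return False, "token expired", None
    # Scopes granted at the authorization server bound what the bearer may do.
    granted = set(claims.get("scope", "").split())
    if required_scope not in granted:
        return False, "insufficient scope", claims.get("sub")
    return True, "ok", claims.get("sub")


if __name__ == "__main__":
    token = mint_demo_token("user42", ["orders:read"], now=1000)
    print(authorize_request("Bearer " + token, "orders:read", now=1500))
    print(authorize_request("Bearer " + token, "orders:write", now=1500))
```

The order of checks matters: the signature is verified before any claim is trusted, the algorithm is pinned rather than read from the token, and scope is enforced last so that a valid token for the wrong scope is rejected with a distinguishable reason. Everything the check learns about the user is the sub claim, which is why the result is used for authorization only.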